In an effort to help our customers meet the industry’s demanding compliance and auditing requirements, Cimmaron is excited to formally introduce its CloudCrypt technology platform. Protecting the client’s Personally Identifiable Information (PII) is vital to an organization’s continued success moving forward and the CloudCrypt solution stands alone in the Mortgage CRM marketplace in meeting this challenge.

San Diego, CA (PRWEB) January 08, 2014

Reliable protection of your client's Personally Identifiable Information (PII) is one of the primary hurdles facing IT departments when looking to an external solution for their organization's CRM needs.

The Cimmaron XAP platform is built upon a security architecture that uses two levels of data encryption and a certificate management design unique to the industry because of its ability for clients to manage their own private key via the Cimmaron CloudCrypt technology.

"We are especially proud not just of our technology, but of the policies and procedures we have developed to deal with key management, key protection, physical protection, and so on."

Goran Stijacic
Senior Software Architect
Cimmaron Software

Technology Overview

SSN and other vulnerable contact data is encrypted both in the database and optionally through certificates held at the client site. This provides protection in cases where the outer layers of security (firewalls, web servers, etc.) may be comprised.

With CloudCrypt, our customer's IT department holds control over certificate management by maintaining the private keys used to decrypt their client's data. This approach provides a way to extend corporate security practices and policies outside their own network and into an externally hosted CRM solution. The customer decides which users can decrypt the client's critical PII data and with this method only the organization, not Cimmaron, has access to the private key.

Private keys can be deployed using GPO, logon scripts, or any other way that domain assets are distributed. Lastly, keys can be marked as non-exportable and pin protected on the client machines, providing the ultimate in data protection.

There are two methods for setting up this type of protection:

If your organization already has a key infrastructure in place, all that is needed is a .cer or public key uploaded into the application.

Cimmaron also offers a complete turn-key solution that includes everything needed to implement this approach: